"Steven M. Bellovin" wrote:
>
> It's far from clear to me that you're right; my point is that from an
> architectural perspective, it doesn't matter. Even if there is no reuse, a
> solution independent of IKE is the right answer. Supporting these other
> scenarios strengthens an already-strong case, in my opinion.
>
With this, I agree. I think it would be hard for us, if we use an
OOB mechanism that can deliver certs, to build a system that didn't
naturally support reuse.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145
Security and Internet Solutions Fax: (ESN) 395-1407 +1 613 765 1407
Nortel Networks mleech@xxxxxxxxxxxxxxxxxx
-----------------Expressed opinions are my own, not my employer's------